On Wed, Jun 28, 2000 at 07:15:58PM +0200, Dag-Erling Smorgrav wrote:
> Visigoth <[EMAIL PROTECTED]> writes:
> > [patches to limit the range of ports used for passive FTP]
>
> des@flood ~% sysctl -A | grep portrange
> net.inet.ip.portrange.lowfirst: 1023
> net.inet.ip.portrange.lowlast: 600
> net.inet.ip.portrange.first: 1024
> net.inet.ip.portrange.last: 5000
> net.inet.ip.portrange.hifirst: 49152
> net.inet.ip.portrange.hilast: 65535
>
> ftpd uses ports in the high range, just adjust the last two sysctls
> and you'll be fine.
>
I had a firewall set up in this configuration (allowing "anonymous"
connects to the high portrange and denying otherwise). It was great.
I cannot see the reason why ftpd(8) would need an explicit portrange.
--
Ruslan Ermilov Oracle Developer/DBA,
[EMAIL PROTECTED] Sunbay Software AG,
[EMAIL PROTECTED] FreeBSD committer,
+380.652.512.251 Simferopol, Ukraine
http://www.FreeBSD.org The Power To Serve
http://www.oracle.com Enabling The Information Age
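
A check for the setup discussed in this thread, added here as an example and not code from either poster or from FreeBSD: it reads the hifirst/hilast sysctls and compares them with the port window a firewall rule allows for passive FTP. The function names, the window arguments and the status words are assumptions; the sample input is the sysctl output quoted above.

```shell
#!/bin/sh
# Added example: does the high port range (used by ftpd for passive data
# connections, per the thread) match the window the firewall lets through?

# Constructed sample: the sysctl output quoted in the thread.
SAMPLE_SYSCTL='net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535'

# port_value NAME TEXT: print the value of net.inet.ip.portrange.NAME, if any.
port_value() {
    printf '%s\n' "$2" |
        awk -F': *' -v k="net.inet.ip.portrange.$1" '$1 == k { print $2; exit }'
}

# check_high_range TEXT FW_LOW FW_HIGH (FW_* = ports the firewall allows in)
#   aligned (0): firewall window equals the high range
#   wider   (1): firewall opens more ports than ftpd will ever use
#   blocked (2): ftpd may pick ports the firewall drops
#   error   (3): a value is missing or not numeric
check_high_range() {
    first=$(port_value hifirst "$1")
    last=$(port_value hilast "$1")
    for v in "$first" "$last" "$2" "$3"; do
        case "$v" in
            ''|*[!0-9]*) echo "error: missing or non-numeric value"; return 3 ;;
        esac
    done
    # Treat the pair as an unordered range: the low range in the sample is
    # listed high-to-low (1023 down to 600), so do not assume first <= last.
    if [ "$first" -le "$last" ]; then lo=$first; hi=$last
    else lo=$last; hi=$first; fi
    if [ "$lo" -eq "$2" ] && [ "$hi" -eq "$3" ]; then
        echo "aligned $lo-$hi"; return 0
    elif [ "$lo" -ge "$2" ] && [ "$hi" -le "$3" ]; then
        echo "wider $lo-$hi inside $2-$3"; return 1
    fi
    echo "blocked $lo-$hi not inside $2-$3"; return 2
}

# Default high range against a firewall window covering exactly that range.
check_high_range "$SAMPLE_SYSCTL" 49152 65535
```

On a live host, pass the output of `sysctl net.inet.ip.portrange` as the first argument instead of the sample.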